Memory leak in cephwrap_realpath (vfs_ceph.c)
Rungta, Vandana
vrungta at amazon.com
Thu May 10 17:49:18 UTC 2018
Because the asprintf man page says result is undefined in the error path, I initialized it to NULL. The man page also says the error can be because memory allocation wasn't possible or some other error. The additional SAFE_FREE was to handle the case that memory allocation succeeded but there was some other error before they returned.
I am happy to sign off on the change.
Thanks,
Vandana
On 5/8/18, 2:41 PM, "Jeremy Allison" <jra at samba.org> wrote:
On Tue, May 08, 2018 at 11:37:49PM +0200, David Disseldorp wrote:
> On Tue, 8 May 2018 11:34:26 -0700, Jeremy Allison via samba-technical wrote:
>
> > On Mon, May 07, 2018 at 11:11:42AM +0200, David Disseldorp via samba-technical wrote:
> > > Hi Vandana,
> > >
> > > On Sun, 6 May 2018 16:53:30 +0000, Rungta, Vandana via samba-technical wrote:
> > >
> > > > There are a couple of memory leak issues in cephwrap_realpath in vfs_ceph.c
> > > >
> > > >
> > > > 1. “result” is double allocated by SMB_MALLOC_ARRAY and by asprintf .
> > > > 2. The error code paths for r < 0 need to SAFE_FREE “result”.
> > >
> > > Thanks for the report, your analysis looks correct to me.
> > > Could you please resend your patch as an attachment or git pull URL, as
> > > the inline version seems to be malformed.
> > > Also, please add your sign-off to the commit.
>
> Actually the SAFE_FREE() in the error path should be dropped, as
> "result" is undefined. This patch looks fine otherwise:
Ah yes, just checked the asprintf() man page... Thanks !
> Reviewed-by: David Disseldorp <ddiss at samba.org>
>
> Please change the Author field to Vandana's once she's happy to
> sign-off.
Will do.
More information about the samba-technical
mailing list